CVE-2024-45277

Prototype Pollution vulnerability in SAP HANA Client

CVSS 4.3 MEDIUMEPSS 0.6%CWE-1321

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 oct 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Productos afectados

SAP_SE · SAP HANA Client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3520100 https://url.sap/sapsecuritypatchday https://www.npmjs.com/package/@sap/hana-client?activeTab=code